Privacy Policy
Last updated: June 2026
StayPay Ltd ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit our website, create an account, or interact with the StayPay platform in any capacity.
We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
---
1. WHO WE ARE
StayPay is a hospitality technology company providing a digital guest experience and concierge platform for short-stay and Airbnb hosts. Our platform enables hosts to create branded digital welcome guides for their guests, offer paid add-ons and services, connect guests with local concierge partners, and manage communications throughout the guest stay.
Company: StayPay Ltd
Registered in England and Wales
Company number: 16879405
Registered address: Royal Mills, 2 Cotton Street, Manchester, M4 5BZ
Email: privacy@usestaypay.com
---
2. WHO THIS POLICY APPLIES TO
This Privacy Policy applies to all individuals who interact with the StayPay platform. We recognise five distinct user types, each with a different relationship to our platform.
a) Hosts
Short-stay and Airbnb property owners or managers who create a StayPay account to manage their properties, configure guest welcome guides, set up paid add-ons, and communicate with guests and concierge partners.
b) Guests
Individuals staying at a host's property who access StayPay via a QR code or direct link to view their welcome guide, browse local services, request add-ons, and interact with concierge partners during their stay.
c) Concierge Partners
Independent service providers who register on StayPay to list their services, receive and manage guest booking requests, and receive payments facilitated through the platform.
d) Local Businesses
Businesses who register on the StayPay platform to list geo-targeted offers and services to nearby guests. Local businesses have their own account, dashboard, and analytics access, and are featured within guest welcome guides as recommended local services.
e) Administrators
StayPay staff and authorised internal users who access platform data for operational, support, and compliance purposes.
---
3. WHAT DATA WE COLLECT
a) Host Data
When a host registers or uses the platform, we may collect:
- Full name and contact details (email address, phone number)
- Property name(s), address(es), and property details
- Account credentials and profile information
- Billing and payment information (processed securely via Stripe)
- Subscription tier and plan details
- Communications with StayPay (support enquiries, demo requests, onboarding interactions)
- Usage data and platform activity logs
b) Guest Data
When a guest accesses the platform via a host-provided QR code or link, we may process:
- Name or stay reference (as provided by the host)
- Booking or property reference
- Phone number (collected with explicit consent for SMS notifications)
- Email address (collected with explicit consent where provided)
- Service requests made during their stay (including standard concierge bookings, add-on purchases, and custom service requests submitted by the guest)
- Counter-offer responses, where a guest accepts or declines a revised quote from a concierge partner
- Guest preferences submitted during the stay
- Places visited and local activity data associated with the stay session
- Reviews submitted by the guest at the end of their stay
- Payment information for any paid add-ons or services (processed securely via Stripe)
- Communication preferences and consent records
- Stay session metadata, including check-in and check-out dates and session status
During the course of a stay, guests may submit free-text custom requests, express service preferences, and provide reviews. This information is retained as part of the stay session record and used solely to deliver the requested services and to support the host's operational requirements.
StayPay does not use guest data for marketing purposes and only processes data necessary to deliver the service.
c) Concierge Partner Data When a concierge partner registers or uses the platform, we may collect:
- Full name, business name, and contact details (email address, phone number)
- Service listings, descriptions, availability, and pricing
- Counter-offer and negotiation history associated with guest booking requests
- Identity and payout information required for Stripe Connect onboarding
- Bank account or payment details for receiving payouts
- Communications and request history with hosts and guests
- Account credentials and profile information
- Platform fees and transaction records
d) Local Business Data For local businesses registered on the platform, we may collect:
- Business name, contact details, and registered address
- Business type, description, logo, and website or booking links
- Offer details, conditions, and expiry information
- Offer redemption records
- Impression, click, and conversion analytics associated with their listed offers
- Account credentials and profile information
e) Automatically Collected Website and Platform Data When anyone visits our website or uses the platform, we may automatically collect:
- IP address
- Browser type and device information
- Pages visited, features used, and session duration
- Referring URLs and traffic sources
This data is collected via cookies and similar tracking technologies. Please refer to our Cookie Policy for full details.
---
4. HOW WE USE PERSONAL DATA
Hosts
We use host data to:
- Create and manage host accounts and property listings
- Deliver, maintain, and improve the StayPay platform
- Process subscription payments and manage billing
- Send platform notifications, product updates, and support communications
- Respond to enquiries and provide customer support
- Meet legal and regulatory obligations
Guests
We use guest data to:
- Display the correct property welcome guide and local information
- Process add-on requests and facilitate standard concierge bookings
- Process and manage custom service requests submitted by guests, including routing to the appropriate concierge partner and facilitating the associated payment and fulfilment flow
- Record and process counter-offer responses where a guest accepts or declines a revised quote
- Collect and display guest reviews of their stay on behalf of the host
- Send SMS notifications relating to bookings or requests (with explicit consent)
- Support hosts in managing the guest experience
We do not use guest data for marketing, profiling, or any purpose beyond delivering the services described above.
Concierge Partners
We use concierge partner data to:
- Create and manage concierge partner accounts and service listings
- Route guest booking requests to the appropriate partner
- Facilitate payouts via Stripe Connect
- Calculate and apply platform fees on transactions
- Send notifications about new requests, booking confirmations, counter-offer activity, and updates
- Meet legal and financial reporting obligations
Local Businesses
We use local business data to:
- Create and manage local business accounts and offer listings
- Surface geo-targeted offers and recommendations to nearby guests within the platform - Provide analytics on offer impressions, clicks, and redemptions to local business account holders
- Communicate about listing updates or platform changes
---
5. OUR ROLE: DATA CONTROLLER VS DATA PROCESSOR
StayPay acts in different capacities depending on the context:
- For Host, Concierge Partner, and Local Business data, StayPay acts as a Data Controller — we determine the purposes and means of processing.
- For Guest data processed on behalf of a host, StayPay typically acts as a Data Processor — acting on the instructions of the host, who remains the Data Controller for their guests' personal data.
Hosts are responsible for informing their guests about how personal data is used during their stay, including the use of StayPay as a technology service provider. StayPay will support hosts in meeting these obligations where required.
Where guests submit custom service requests, their request details and contact information are shared with the relevant concierge partner solely to enable fulfilment of the requested service, on the instruction of the host.
---
6. LAWFUL BASIS FOR PROCESSING
We process personal data under the following lawful bases as defined under UK GDPR:
- Consent — where users explicitly submit information or opt in to specific communications (e.g. guest SMS notifications)
- Contract — where processing is necessary to deliver StayPay services to hosts, guests, or concierge partners
- Legitimate interests — to operate, secure, and improve our platform, and to conduct outreach to prospective hosts and partners
- Legal obligation — where processing is required to comply with applicable law, including financial record-keeping requirements
---
7. SMS COMMUNICATIONS
StayPay uses Twilio to send SMS notifications to guests and concierge partners. SMS messages are sent only where explicit consent has been given by the recipient.
- Guests will be asked to provide their phone number and consent to SMS notifications as part of the guest onboarding flow. Consent is recorded and can be withdrawn at any time.
- Concierge partners consent to receive SMS notifications regarding booking requests and platform activity as part of their account registration.
- Hosts receive SMS notifications relating to platform activity (such as new guest requests and check-in alerts) as part of their account subscription.
SMS messages sent via the platform will identify StayPay as the sender. Standard message rates may apply depending on the recipient's mobile carrier.
---
8. COOKIES
We use cookies and similar tracking technologies to improve website and platform performance, understand visitor behaviour, and deliver a better user experience. You can manage your cookie preferences via your browser settings or through the cookie consent mechanism on our website. For full details on the cookies we use and how to manage them, please see our Cookie Policy.
---
9. DATA SHARING
We may share personal data with trusted third-party service providers who help us operate our business.
These include:
- Stripe — payment processing and Stripe Connect for concierge partner payouts
- Twilio — SMS notification delivery
- Supabase — database hosting and infrastructure
- Resend — transactional email delivery
- Google Places API — used to provide location-based recommendations and search functionality to guests within the platform
- Analytics providers — to understand platform usage (anonymised or aggregated where possible)
- Customer support tools — to manage support communications
- Concierge Partners — where a guest submits a booking request or custom service request, relevant guest contact details and request information are shared with the relevant partner to enable fulfilment of the requested service. This is done solely on the instruction of the host and for no other purpose.
All third parties are required to handle personal data securely, in compliance with applicable data protection law, and only for the purposes for which it has been shared.
We do not sell personal data to any third party under any circumstances.
---
10. INTERNATIONAL DATA TRANSFERS
Some of our third-party service providers may process data outside of the UK or European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including Standard Contractual Clauses or equivalent mechanisms.
---
11. DATA STORAGE AND SECURITY
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or disclosure.
These measures include:
- Secure cloud hosting via Supabase with access controls and encryption
- Role-based access control limiting data access to authorised personnel only
- Data minimisation principles — we collect only what is necessary
- Secure payment processing via Stripe — StayPay does not store card details
- Regular review of our security practices and data handling procedures
Despite these measures, no data transmission over the internet can be guaranteed to be completely secure. We encourage users to take appropriate steps to protect their own account credentials.
---
12. DATA RETENTION
We retain personal data only for as long as is necessary to fulfil the purposes set out in this policy, or as required by law.
- Host data is retained for the duration of the account relationship and for a reasonable period thereafter to meet legal and regulatory obligations.
- Guest data is retained only for the duration of the stay and the period required to support the host's operational and legal obligations, unless otherwise required by law.
- Concierge partner data is retained for the duration of the partnership and for the period required to fulfil financial reporting and legal obligations (typically six years for financial records under UK law).
- Local business data is retained for the duration of the account relationship and for a reasonable period thereafter to meet legal and regulatory obligations.
- Website usage data collected via cookies is retained in accordance with our Cookie Policy.
---
13. YOUR RIGHTS
Under UK GDPR, all individuals whose personal data we process have the following rights:
- Right of access — to request a copy of the personal data we hold about you
- Right to rectification — to request correction of inaccurate or incomplete data
- Right to erasure — to request deletion of your personal data in certain circumstances
- Right to restrict processing — to request that we limit how we use your data
- Right to data portability — to receive your data in a structured, machine-readable format
- Right to object — to object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
Guests should, in the first instance, direct any data rights requests to the relevant host, who is the Data Controller for guest data. StayPay will assist hosts in fulfilling these requests where required and will handle any requests directed to us directly.
To exercise your rights or raise a data protection query, please contact us at privacy@usestaypay.com. We will respond to all verified requests within 30 days in accordance with our obligations under UK GDPR.
---
14. COMPLAINTS
If you have concerns about how we handle your personal data, we encourage you to contact us in the first instance so we can seek to resolve the matter. If you remain unsatisfied, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
Website: www.ico.org.uk
Helpline: 0303 123 1113
---
15. CHANGES TO THIS POLICY
We may update this Privacy Policy from time to time to reflect changes to our services, legal obligations, or data practices. Any material changes will be communicated to registered users via email or in-platform notification. The most current version will always be available on our website, with the revision date shown at the top of the document.
Continued use of the StayPay platform following an update to this policy constitutes acceptance of the revised terms.
---
16. CONTACT US
StayPay Ltd Royal Mills, 2 Cotton Street, Manchester, M4 5BZ
Email: privacy@usestaypay.com
Website: usestaypay.com